Subject: The mailing list for listmasters using Sympa
List archive
[sympa-users] Really important: anyone can become listmaster!
- From: Simone Dal Maso <address@concealed>
- To: address@concealed
- Subject: [sympa-users] Really important: anyone can become listmaster!
- Date: Fri, 3 Jun 2016 11:08:06 +0200
Hello,
I have a really great problem.
On my Sympa 6.1.23 anyone can become a list creator.
Steps to reproduce it is very easy:
1. Go to the /wws sympa interface and request a new password.
2. Click the link on the email and you must type your password, but already in this situation you can see the name of the lists, and one is absolutely private!
After you digit your password you are the boss. You can create one list and make what you want!
Please, what I'm missing?
It is absolutely not acceptable this kind of policy, but I think I make a great mistake, but I don't know what...
Just a question, is it important the ip address? Since I'm using my server as a proxy, the ip address is 127.0.0.1. Is Sympa reading this information and so decide that I am the super admin anyway?
-
[sympa-users] Really important: anyone can become listmaster!,
Simone Dal Maso, 06/03/2016
- Re: [sympa-users] Really important: anyone can become listmaster!, David Verdin, 06/03/2016
Archive powered by MHonArc 2.6.19+.